technology governance for nuclear safety under …gnssn.iaea.org/actionplan/shared documents/action...
TRANSCRIPT
-International Experts’ Meeting on Protection against Extreme Earthquakes and Tsunamis in the Light of the Accident at the
Fukushima Daiichi Nuclear Power Plant (IEM3)-IAEA Headquarters, Vienna, 4-7 September 2012
1
Technology Governance for Nuclear Safety under
Earthquake-Tsunami Environments-Engineering Mission to Overcome the 3.11 Fukushima Disaster-
Hiroyuki Kameda Professor Emeritus, Kyoto University
Technical Counsellor, JNES
Contents
2
1. General Remarks2. Technology Governance– A Key Technology
Management Framework for Nuclear Safety3. Critical Lessons from the 3.11 Fukushima
Accident and Relevance to Technology Governance
4. Action Criteria for Technology Governance5. Input from Investigation Committees with
implications to Technology Governance6. Conclusions
3
1. General Remarks(1) Background+The nuclear safety is being seriously questioned by the people of Japan since the Fukushima I accident.
+The question has enough reasons to be asked in the presence of the accident that should have never happened.
+Thorough and comprehensive reviews must be conducted on i) socio-economic and political issues relevant to energy policy and ii) technological bases of this complex system.
+The final judgment is to be made by the people of Japan.
+Sufficient information must be disclosed enough to make such judgments.
4
(2) Implications to international agenda+The presentation basically reflects Japanese situations; it is very Japanese.
+We believe that the issues discussed herein are universal as well.
+We recognize that some countries do exercise excellent framework of technology governance.
+For other countries, especially new-comers in the nuclear business, it is strongly hoped that lessons learned from the Fukushima accident and described herein be carefully incorporated in their nuclear development processes.
5
* Acknowledgments to:Tsuyoshi Takada (Univ. of Tokyo) and Katsumi Ebisawa (JNES)
* Reference:H. Kameda, T. Takada, K. Ebisawa, and S. Nakamura, “Prevent Nuclear
Disaster (3) – Agenda on Nuclear Safety from Earthquake Engineering”, Journal of Atomic Energy Society of Japan (AESJ), Vol.54, No.9, Sep. 2012, pp.29-35, (in Japanese).
* Note:+ PSA or PRA ? => PRA is employed herein.
6
2. Technology Governance – A Key Technology Management Framework for Nuclear Safety
+It is critically important to use appropriate technology for nuclear safety.
+More importantly, appropriate decision mechanism should be established to implement appropriate technology.
+Comprehensive observations of Fukushima I (SA occurred) and Onagawa, Fukushima II, Tokai II (stabilized before SA) demonstrate its importance.
+The issue is beyond individual technological elements. It questions how to put safety technology firmly in regulation and operators’ cooperate management.
+It is the issue of “Technology Governance”, today’s main subject.
7
*Definition of Technology Governance (proposed)+Technology Governance = Totality of actors, rules, conventions, processes, and mechanisms concerned with how relevant technological information is collected, analysed and communicated and management decisions are taken
+Analogy to “Risk Governance”Ortwin Renn, “Risk Governance towards an Integrative Approach”, IRGC White Paper No.1, International Risk Governance Council, September 2005.
+Should be applicable throughout NPP life cycles: Siting, Design, Construction, Operation, Decommission
8
3. Critical Lessons from the 3.11 Fukushima Accident and Relevance to Technology Governance
i) Report of Japanese Government to the IAEA Ministerial Conference on Nuclear Safety (June 2011), “The Accident at TEPCO’s Fukushima Nuclear Power Stations”, Nuclear Emergency Response Headquarters
ii) IAEA International Fact Finding Expert Mission of the Fukushima Dai-ichi NPP Accident Following the Great East Japan Earthquake and Tsunami, 24 May – 2 June 2011, Report to the Member States
(1) Lessons raised three months after the event:
+ Lessons in category 1: Strengthen preventive measures against severe accidents(1) Strengthen measures against earthquakes and tsunamis, (2) Secure power supply, (3) Secure robust cooling functions of reactor and PCV, (4) Secure robust cooling functions of spent fuel pools, (5) Thorough accident management (AM) measures, (6) Response to issues concerning the siting with more than one reactor, (7) Consideration on placements of NPS in basic design, (8) Ensuring the water tightness of essential equipment = Technical agenda
+ Lessons in category 2: Enhancement of response measures against severe accidents(9) prevention measures of hydrogen explosion, (10) containment venting system, (11) accident response environment, (12) radiation exposure management system at accident, (13) training responding to severe accident, (14) instrumentation to identify the status of reactors and PCVs, (15) Central control of emergency supplies and equipment and setting up rescue team= Technical agenda
+ Lessons in category 3: Enhancement of nuclear emergency response(16) combined large-scale natural disaster and prolonged nuclear accident, (17) environment monitoring, (18) clear division of roles between central and local organizations, (19) communication relevant to the accident, (20) assistance by other countries and communication to the international community, (21) identification and forecast on the effect of released radioactive materials, (22) definition of widespread evacuation area and radiological protection guideline= Technical agenda + Societal agenda + Technology governance
+ Lessons in category 4: Reinforcement of safety infrastructure(23) safety regulatory bodies, (24) legal structure, criteria and guidelines, (25) human resources, (26) independence and diversity of safety system, (27) effective use of PSA in risk management = Technology governance
+ Lessons in category 5: Raise awareness of safety culture(28) Raise awareness of safety culture= Technology governance
i) Report of Japanese Government to the IAEA Ministerial Conference (June 2011)
9
10
ii) IAEA International Fact Finding Expert Mission of the Fukushima Dai-ichi NPP Accident Following the Great East Japan Earthquake and Tsunami, 24 May ~ 2 June 2011
Main feature: Report to the IAEA Member States+ Lessons 1 ~ 15 are mainly technical agenda:
(1) Hazard, (2) Alternative power sources and (3) their handling, (4) Emergency response centers and (5) their functionality, (6) Severe accident management guidelines, (7) Multi-unit issues, (8) Hydrogen explosion, (9) Diversity in defense-in-depth, (10) Information management systems, (11) Off-site emergency preparedness, (12) Sheltering, (13) Utilization of data and information generated from Fukushima accident, (14) Radiation protection for workers, (15) Exercises and drills for on-site workers
+ Lesson 16 is a key for technology governance: (16) Regulatory independence and clarity or roles in nuclear regulatory systems
11
* Fundamental issues in order never to have a recurrence of the Fukushima accident
* Individual engineering agenda converge to a set of critical lessons consisting of:
1) Risk-informed decision2) “Scientific imagination”3) Speed in action
* An engineering principle underlying technology governance
* An umbrella to individual technical components
(2) Critical Lessons raised by an Earthquake Engineer: A Basis for Technology Governance (Kameda (Oct. 2011- JAEE Jour. / Mar. 2012-Int. Symposium on GEJE ) )
12
+ Critical Lessons1) Risk-informed decisionshould be the basis of nuclear safety
measures:Lack of beyond-design tsunami protection was a major cause of the accident at Fukushima-I. This requires risk-informed decision.
2) “Scientific imagination” should be a key for establishing risk models:Historical high have been too widely used in hazard assessment. Extreme events with very long return periods should be incorporated in risk modeling if no historical data but sound scientific bases. There are evidences.
3) Speed in actionis critical: The nature does not wait for us. / i) The case of Tokai II NPP should be positively highlighted where construction of new side walls with increased height (7m) to enclose sea water pump areas, nearly completion at the time of the Great Tsunami, protected the ultimate heat sink function. / ii) Delay of implementing risk-informed decision should be critically reviewed.
13
4. Action Criteria for Technology Governance
(1) Science-based hazard model~ Field-based judgment and scientific imagination leading to appropriate risk models
(2) Risk-informed technology options~ Beyond-design hazard regions / alternatives based on cost~benefit (safety, BCM, etc.) trade-off under risk constraint
(3) Technology assessment incorporating “total process and total system” of nuclear safety
(4) Safety decision standing on technological ethics~ accountability and transparency
(5) Risk communication in the decision process~ purpose = trust building
(6) Multi-disciplinary collaboration~ Fill perception gaps / Overcome academic gaps
(Kameda, Takada, Ebisawa and Nkamura (2012.9- AESJ Journal(in Japanese))
Superposition of "large tsunami" and "high tsunami" in the Tohoku-Pacific Earthquake (PARI)
14
+ Action Criteria (1): Science-based hazard model Field-based judgment and scientific imagination leading to appropriate risk models
Scientificimagination
15
Unit Tsunami Height Site elevation
####1 1 1 1 ---- ####4444 14141414~~~~15151515mmmm 10101010mmmm
####5555,#,#,#,#6666 13131313~~~~14141414mmmm 12121212~~~~13131313mmmm
・・・・Average subsidence of Tohoku-Kanto coastal area ~ – 0.8m
Deign tsunami & reassessment
Construction permit
((((1966~~~~1972))))
Based on JSCE guide((((2002))))
O.P. 3.1 m
((((Chile 1960))))
O.P.5.7 m((((Shioyazaki EQ::::
M7.9、、、、1938))))
Fukushima I
・・・・Design tsunami & reassessment・・・・Construction permit : 3.7m ( Chile EQ, M 9.0 1960)・・・・2002 evaluation : 5.2m (Shioyazaki EQ, M7.9 1938)
■■■■ Tsunami Heigt・・・・Sea side area: O.P. +6.5 ~~~~ 7m・・・・South side of 1U runnup: O.P. +14 ~~~~ 15m■■■■ Site elevation: O.P. +12m
Fukushima II
■■■■Tsunami Height: around O.P. +13m■■■■Site elevation : O.P. +14.8m
(subsidense about 1m )
Design tsunami & reassessment
Construction permit 2002 JSCE method
O.P.9.1 / 1611 Keichou Sanriku :
M8.6
O.P.13.6 / 1896 Meiji Sanrku :
M8.3))))
Onagawa
Design tsunami & reassessment
Establishment Permit JSCE Method (2002))))
No-description ASL4.9m / Off-Boso:
M8.2、、、、1677
■■■■ Tsunami Height: about H.P. +6.3m (ASL 5.4m)■■■■ Site elevation:::: H.P. +8.89m (ASL 8m)
- Increased side wall of seawater pump room (under construction): H.P.+5.80m (ASL 4.91m)・・・・New side wall and waterseal outside the side wall (wall completed): H.P.++++7m (ASL 6.11m)
Tokai II
Tsunami height at NPPs(red: observed in Tohoku-Pacific Earthquake; green:site elevation; violet: assessment in construction permit; blue: re-assessments)
+ Tsunami Simulation at NPP Sites (JNES, Oct. 2011)* Calibration to the four NPP sites using a single tsunami source model
78m
*Inversion from tsunami records to generate slips and rupture initiation times at each small segment
*Slip propagation and effects of time lags in tsunami generation from small segments were incorporated
*Max. slip = 78m, Mw = 9.1Note: Consistency with geodetic and ground motion (T=10-20-125-250s filter) based models was confirmed.
0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0
- 1 5
- 1 0
- 5
0
5
1 0
1 5
J 1 8 : O n a g a w a
T im e ( m in )
Wave H
eight(m
)
S i m u l a t i o n
O b s e r v e d
Max 12.3m
Max 12.3m
0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0
- 1 5
- 1 0
- 5
0
5
1 0
1 5
T im e ( m in )
Wave H
eight(m
)
S im u l a t i o n
O b s e r v e d
計測不能によるデータ欠損計測不能によるデータ欠損計測不能によるデータ欠損計測不能によるデータ欠損
Max 9.6mMax 6.9m(計測時間中)
0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0
- 1 5
- 1 0
- 5
0
5
1 0
1 5
T im e ( m in )
Wave H
eight(m
)
S im u l a t i o n
O b s e r v e d
計測不能によるデータ欠損計測不能によるデータ欠損計測不能によるデータ欠損計測不能によるデータ欠損
Max 9.6mMax 6.9m(計測時間中)
0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0
- 1 5
- 1 0
- 5
0
5
1 0
1 5
J 1 8 : F u k u s h im a 2
T im e ( m in )
Wave H
eight(m
)
S i m u l a t i o n
Max 7.9m
0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0
- 1 5
- 1 0
- 5
0
5
1 0
1 5
J 1 8 : F u k u s h im a 2
T im e ( m in )
Wave H
eight(m
)
S i m u l a t i o n
Max 7.9m
0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0
- 1 5
- 1 0
- 5
0
5
1 0
1 5
T im e ( m in )
Wave H
eight(m
)
S im u l a t i o n
O b s e r v e d
4.4m
4.1m
4.5m
4.7m
0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0
- 1 5
- 1 0
- 5
0
5
1 0
1 5
T im e ( m in )
Wave H
eight(m
)
S im u l a t i o n
O b s e r v e d
4.4m
4.1m
4.5m
4.7m
Comparison with tide gauge records(Nonlinear long wave model)
Onagawa
Fukushima I
Fukushima II
Tokai II
16
Major contributorsto Onagawa NPS
Major contributors to Fukushima & Tokai NPSs
1896 MeijiSanriku Tsunami
17
(a) distinction of "tsunami earthquake" (b) past events and sources of and inter-plate thrust zones TohokuTohokuTohokuTohoku----Pacific EarthquakePacific EarthquakePacific EarthquakePacific Earthquake
Seismicity of Tohoku-Pacific Japan (added to Earthquake Research Committee, 2002)
18
+ Action Criteria (2): Risk -informed technology options
+Critical lesson 1)Risk-informed decision should be the basis of nuclear safety measures:Lack of beyond-design tsunami protection was a major cause of the accident at Fukushima-I. This requires risk-informed decision.
+ The Japanese regulatory framework: the NSC Seismic Design Guide revised in 2006 (NSC, 2006) made explicit statements of the risk concept in terms of "residual risk" which stands for seismic risk of the plant in the beyond-design hazard levels. PRA application was promoted (not enforced). / Slow process of substantial implementation
Scheme of seismic safety assurance of NPP that should be realized under the 2006 NSC Seismic Design Guide
inter-connected
* Quantitative safety assessment of the entire plant system(relative to safety goal/ performance goal)
Accountability to the public
・Basic safety level (Design point) assured explicitly* Benchmark assurance by seismic design
Deterministic format
* Residual risk assessment[Seismic PRA]・Assurance of low "Residual risk" as seismic margin of the entire plant system in beyond-DBGM ranges
Fragility
・Seismic marginas realistic failure point of individual SSC's relative to design level
* Seismic margin assessment of SSC
Probabilistic assessment
Note: SSC = structure, system, componentDBGM = design basis ground motion"Failure" here means functional loss as well as structural failure
hazard levelp
rob
abili
ty d
ensi
ty
DBGM
* covered by "residual risk" assessment (entire plant system)
core damage frequency(residual risk)
* covered by seismic design (benchmark assurance)
* covered by seismic margin assessment (SSC)
PRA, fragility
Risk-informed decision scheme for nuclear seismic safety
Hiroyuki Kameda (Kyoto U., JNES)
Note: The scheme is applicable to tsunami safety.
20
+Key safety parameters are: 1) Design pointto define benchmark assurance, 2) Seismic marginof SSC to clarify their beyond-
design capacity, and 3) Residual riskto define seismic margin of the entire
plant system
+These parameters are connected consistently through fragility concepts and PRA integration.
+ On this basis, we can discuss deterministic design and probabilistic assessment in the same arena of physical phenomena.
+ (Meaningless disputes between “determinist” and “probabilists” should be halted.)
21
+ Benefit of using PRA for earthquake/tsunami protection- Integrated system reliability- Identification of critical accident scenarios and
critical plant components- Rigorous application to common-cause failures
caused by earthquake and/or tsunami- Synthetic treatment of inherent uncertainties- Risk-informed technological options: Cost ~
benefit (safety, BCM, etc.) trade-off alternatives under risk constraint
22
+Action Criteria (3): Technology assessment incorporating “Total process and Total system”
+ Implementing risk-informed decision in regulatory procedure=> Technical decisions must be made under the framework of 1) “Total process” and 2) “Total system”
=> Reduction of integrated system risk
23
+ Conventionalpractice
+ Enhancement(preliminary sketch)
1) Total process:
Hazard Committee(experts)
DBGM/DBTH Committee(experts)
Design Committee(experts)
Decision: NISA(administration)
Gap Gap
Hazard DBGM/DBTH SSC Design
Decision: JNRA(administration)
Integration and feedbackDesign point, Seismic margin, Residual risk
(engineering assessment & review)
Fragility Accident scenario
PRA procedure
24
+ Robustnesse.g.: Identification of critical safety-related SSC? /Redundancy, independence, diversity of safety functions
2) Total system:
+ Multi-hazard e.g.: Combined losses of external power by strong motion and on-site emergency power by tsunami / earthquake-induced fire / earthquake-induced internal flooding, etc.
+ Multi-unite.g.: Functional interactions within unit groups
25
+Action Criteria (4): Safety decision standing on technological ethics ~ Accountability and Transparency
+ Clarify decision processes in terms of “total process” and “total system
+ At regulator meetings, open meeting, disclosed documents showing not only results but processes, and fair operation are essential.
+ Trace, monitor, assess and feedback regulator and operators’ activities.
26
+Action Criteria (5): Risk communication in the decision process~ purpose = trust building
+ Purpose of risk communication:One-way dissemination => Building a foundation of trust
+ Risk information engineers should provide for risk communication based on PRA:i) Core damage frequency (CDF) / Containment failure
frequency / radioactive materials release / public radioactive exposure,
ii) Critical accident scenarios and SSCs’ with high contribution to CDF /
iii) Possibility of simultaneous failure of SSCs (influence of common-cause failure to CDF) /
iv) Ranges of strong motion as major contributors to CDF, etc.
27
+ Quality of information:*Not only numerical results + underlying conditions + process of assessment*Documents accountable to non-experts
+ Research activities:*M. Kitamura: 1) Human interface (HI) technique useful for citizens-experts communication, and 2) Filling gap among experts* T. Takada: Developing a new area “Engineering accountability and understanding”* Nuclear risk communication research by JNES and NITEC, in cooperation with IAEA, involving Kashiwazaki-Kariwa municipalities and local citizens
+ Organization of discussion groups:*e.g.: a local discussion group on nuclear safety consisting of 3/1 pro-nuclear, 1/3 anti nuclear and 1/3 neutral experts
28
+ Regulators’ activities:*USNRC: Diablo Canyon open WS on active faults
* France: ACT No. 2006-686 of 13 June 2006 on Transparency and Security in the Nuclear Field / High Committee for Transparency
* Japan regulators: new actions are being practiced to find public opinions / in the context of trust building, innovation needed / urged to practice and institutionalize a sound mechanism of nuclear risk communication
29
+ Action Criteria (6): Multi-disciplinary collabora tion~ Fill perception gaps / Overcome academic gaps
Responsibility of academia
+ Issues to overcome((((A view as a member of Japan Society for Earthquake Engineering (JAEE) and Atomic Energy Society of Japan (AESJ))
* Lack of perspective spanning cross-disciplinary issues* Sticking too much to their own individual fields (Ignore other fields and/or look at other fields only as boundary conditions)
* Gaps between fields should be filled (The nature does not overlook such gaps.)
* Cross-disciplinary brain storming and integration are indispensable.
* Defense-in-depth scheme has been realized neat and robust against NPP accidents caused by internal events.
* In case of earthquakes and tsunami: we deal with common-cause events induced by external loads that simultaneously affect the entire plant system / Not only safety front systems (shut down and core cooling) but support systems (RHR, ultimate heat sink) experience critical conditions as well / Due to large uncertainties in earthquake and tsunami hazards, hazard levels and corresponding SSC performances must be seamlessly integrated through the PRA procedure.
* Collaboration between nuclear safety engineering and earthquake engineering is critically important to connect hazards and system performances appropriately.
* Experience of collaboration between the AESJ Committee on Seismic Safety of NPP (Dec. 2007-March 2012) and the JAEE Committee on Seismic Safety of NPP (Oct. 2008-March 2012)
+ Collaboration between Nuclear Safety Engineering and + Collaboration between Nuclear Safety Engineering and + Collaboration between Nuclear Safety Engineering and + Collaboration between Nuclear Safety Engineering and
Earthquake Engineering ~ indispensable element for Earthquake Engineering ~ indispensable element for Earthquake Engineering ~ indispensable element for Earthquake Engineering ~ indispensable element for
earthquakeearthquakeearthquakeearthquake----tsunami safety of NPPtsunami safety of NPPtsunami safety of NPPtsunami safety of NPP
30
31
1) Official Report of the Fukushima Nuclear Accident Independent Investigation Commission / the National Diet of Japan, 5 July 2012 (NAIIC Report) (http://www.naiic.jp/en/)
2) Final Report on the Accident at Fukushima Nuclear Power Stations of Tokyo Electric Power Company / Investigation Committee of the Japanese Government, 23 July 2012 (http://icanps.go.jp/eng/)
5. Input from Investigation Committees with Implications to Technology Governance
32
1) NAIIC Report, the National Diet of Japan, 5 July 2012
Major issues discussed = Institutional problems / root causes in the Japanese culture“What must be admitted – very painfully – is that this was a disaster ‘Made in Japan.’ Its fundamental causes are to be found in the ingrained conventions of Japanese culture: our reflexive obedience; our reluctance to question authority; our devotion to ‘sticking with the program’; our groupism; and our insularity.” (K. Kurokawa, Chair)
Recommendations (Institutional aspects of technology governance)on: i) Monitoring the regulatory body by the National Dietii) Reform the crisis management systemiii ) Government responsibility for public health and welfareiv) Monitoring the operatorsv) Criteria for the new regulatory body (independent,
transparent, professional, consolidated, proactive)vi) Reforming laws related to nuclear energyvii) Develop a system of independent investigation
commissions
33
2) Final Report of the Investigation Committee, Japanese Government
Thorough discussion on technical evidences / Institutional clarification (regulators, operators, safety culture)Recommendations (keen for substantiating technology governance):i) Basic stance for safety measures and disaster preparedness
complex disasters, risk perception, disaster victims’ standpoint, incorporating latest knowledge
ii) Safety measures regarding nuclear power generationrisk-based assessment, severe accident management
iii ) Nuclear disaster response systemscrisis management system, emergency response headquarters, off-site centers, roles of prefectural governments
iv) Damage prevention and mitigationrisk communication, monitoring operation, SPEEDI, evacuation procedure, stable iodine tables, medical care, overseas aid
v) Harmonization with international practicesvi) Relevant organizations
regulatory body (independence, transparency, preparedness, information dissemination, professional, R&D update, international), TEPCO, safety culture
vii) Continued investigation of accident causes and damage
34
6. Conclusions
(1) Concept of “Technology Governance” was proposed as a key technology management framework for nuclear safety: its definition was proposed.
(2) Action criteria for technology governance were proposed:1) Science-based hazard model embodying "scientific
imagination"2) Risk-informed technology options 3) “Total process” and “Total system” 4) Safety decision standing on technological ethics5) Risk communication in the decision process6) Multi-disciplinary collaboration
(3) Relevance of technology governance was reviewed by analyzing three sets of lessons from the 3.11 Fukushima Accident and two final reports of investigation committees .